Cisco APIC Object Model Command-Line Interface User Guide · Cisco APIC Object Model Command-Line...
Transcript of Cisco APIC Object Model Command-Line Interface User Guide · Cisco APIC Object Model Command-Line...
Cisco APIC Object Model Command-Line Interface User GuideLast Modified: December 08, 2015
Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain versionof the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS"WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.
This product includes cryptographic software written by Eric Young ([email protected]).
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)This product includes software written by Tim Hudson ([email protected]).
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)
Please send general FSF & GNU inquiries to [email protected]. There are also other ways to contact the FSF. Please send broken links and other corrections or suggestions [email protected]. Please see the Translations README for information on coordinating and submitting translations of this article.
Copyright © 2007, 2009, 2011 Free Software Foundation, Inc. Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, providedthis notice, and the copyright notice, are preserved. Updated: Date: 2011/06/28 02:44:32
© 2014-2015 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
P r e f a c e Preface vii
Audience vii
Document Conventions vii
Related Documentation ix
Documentation Feedback ix
C H A P T E R 1 Understanding the Command-Line Interface 1
About the Application Policy Infrastructure Controller 1
Configuration Options 1
Understanding Managed Objects 2
Understanding the File System 2
Understanding the GNU Bash Shell 3
Bash Extensions 3
Networking Naming Conventions 3
Interface Naming 3
Network Address Naming 4
Command Completion 4
Command History 4
Command Help 4
Mount Points 5
aci Mount Point 5
mit Mount Point 5
debug Mount Point 5
Role-Based Access Control 6
Applying Permissions and Security 6
User Management 6
Cisco APIC Object Model Command-Line Interface User Guide iii
C H A P T E R 2 Using the APIC CLI 7
Accessing the Object Model CLI 7
Viewing Managed Objects 8
Navigating the Management Information Tree 8
MO Browser Utility 9
Entering a Configuration 9
Displaying Command Differences 10
Using Configuration Wizards 10
Skipping Properties 11
Creating Configuration Templates 12
Creating Templates Using the moconfig Command 12
Creating Templates using Configuration Wizards 13
Customizing Commands 13
Sample YAML Command Definitions 14
YAML File Format 16
C H A P T E R 3 Command Reference 19
Command Help 20
attach 20
auditlog 21
create 21
controller 22
diagnostics 23
eraseconfig 24
eventlog 24
faults 25
firmware 26
health 28
loglevel 29
man 30
mobrowser 30
moconfig 31
mocreate 32
modelete 32
Cisco APIC Object Model Command-Line Interface User Guideiv
Contents
mofind 33
moprint 33
moquery 35
moset 36
mostats 37
password 39
reload 40
scope 40
show 41
svcping 42
techsupport 43
trafficmap 44
troubleshoot eptoep session (IP and MAC) 45
troubleshoot epext session EP-to-External-IP and External-IP-to-EP 46
troubleshoot eptoep session <session name> 46
troubleshoot eptoep session <session name> atomiccounter 47
troubleshoot eptoep session <session name> traceroute 48
troubleshoot eptoep session <session name> traceroute protocol 48
troubleshoot eptoep session <session name> traceroute protocol tcp dst port 48
show troubleshoot eptoep 49
show troubleshoot eptoep session <session name> 49
version 50
where 51
Cisco APIC Object Model Command-Line Interface User Guide v
Contents
Cisco APIC Object Model Command-Line Interface User Guidevi
Contents
Preface
This preface includes the following sections:
• Audience, page vii
• Document Conventions, page vii
• Related Documentation, page ix
• Documentation Feedback, page ix
AudienceThis guide is intended for network and systems administrators who configure and maintain the ApplicationCentric Infrastructure fabric.
Document ConventionsCommand descriptions use the following conventions:
DescriptionConvention
Bold text indicates the commands and keywords that you enter literallyas shown.
bold
Italic text indicates arguments for which the user supplies the values.Italic
Square brackets enclose an optional element (keyword or argument).[x]
Square brackets enclosing keywords or arguments separated by a verticalbar indicate an optional choice.
[x | y]
Braces enclosing keywords or arguments separated by a vertical barindicate a required choice.
{x | y}
Cisco APIC Object Model Command-Line Interface User Guide vii
DescriptionConvention
Nested set of square brackets or braces indicate optional or requiredchoices within optional or required elements. Braces and a vertical barwithin square brackets indicate a required choice within an optionalelement.
[x {y | z}]
Indicates a variable for which you supply values, in context where italicscannot be used.
variable
A nonquoted set of characters. Do not use quotation marks around thestring or the string will include the quotation marks.
string
Examples use the following conventions:
DescriptionConvention
Terminal sessions and information the switch displays are in screen font.screen font
Information you must enter is in boldface screen font.boldface screen font
Arguments for which you supply values are in italic screen font.italic screen font
Nonprinting characters, such as passwords, are in angle brackets.< >
Default responses to system prompts are in square brackets.[ ]
An exclamation point (!) or a pound sign (#) at the beginning of a lineof code indicates a comment line.
!, #
This document uses the following conventions:
Means reader take note. Notes contain helpful suggestions or references to material not covered in themanual.
Note
Means reader be careful. In this situation, you might do something that could result in equipment damageor loss of data.
Caution
Cisco APIC Object Model Command-Line Interface User Guideviii
PrefaceDocument Conventions
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before youwork on any equipment, be aware of the hazards involved with electrical circuitry and be familiar withstandard practices for preventing accidents. Use the statement number provided at the end of each warningto locate its translation in the translated safety warnings that accompanied this device.
SAVE THESE INSTRUCTIONS
Warning
Related DocumentationCisco Application Centric Infrastructure (ACI) Documentation
The ACI documentation is available at the following URL: http://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html.
Cisco Application Centric Infrastructure (ACI) Simulator Documentation
The Cisco ACI Simulator documentation is available at http://www.cisco.com/c/en/us/support/cloud-systems-management/application-centric-infrastructure-simulator/tsd-products-support-series-home.html.
Cisco Nexus 9000 Series Switches Documentation
The Cisco Nexus 9000 Series Switches documentation is available at http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/tsd-products-support-series-home.html.
Cisco Application Virtual Switch Documentation
The Cisco Application Virtual Switch (AVS) documentation is available at http://www.cisco.com/c/en/us/support/switches/application-virtual-switch/tsd-products-support-series-home.html.
Cisco Application Centric Infrastructure (ACI) Integration with OpenStack Documentation
Cisco ACI integration with OpenStack documentation is available at http://www.cisco.com/c/en/us/support/cloud-systems-management/application-policy-infrastructure-controller-apic/tsd-products-support-series-home.html.
Documentation FeedbackTo provide technical feedback on this document, or to report an error or omission, please send your commentsto [email protected]. We appreciate your feedback.
Cisco APIC Object Model Command-Line Interface User Guide ix
PrefaceRelated Documentation
Cisco APIC Object Model Command-Line Interface User Guidex
PrefaceDocumentation Feedback
C H A P T E R 1Understanding the Command-Line Interface
• About the Application Policy Infrastructure Controller, page 1
• Configuration Options, page 1
• Understanding Managed Objects, page 2
• Understanding the File System, page 2
About the Application Policy Infrastructure ControllerThis guide describes how to use the command-line interface (CLI) of the Application Policy InfrastructureController (APIC), which consists of the standard Bash command language interpreter shell plus a set ofcustom commands for the APIC.
For detailed reference information about API classes, methods, and types, see the Cisco APIC ManagementInformation Model Reference, which is a web-based application. To learn about the features and operation ofthe Application Policy Infrastructure Controller, see the available white papers and the Cisco ApplicationCentric Infrastructure Fundamentals.
Configuration OptionsThe Cisco Application Policy Infrastructure Controller (APIC) offers the following configuration options:
• Direct Configuration with the Object Model CLI—You can use the Object Model CLI extensions to theBASH shell to directly manipulate managed objects (MO) and theManagement Information Tree (MIT).This document provides information about direct configuration using the Object Model CLI.
• NX-OS Style CLI—Beginning with Cisco APIC Release 1.2, you can use NX-OS style CLI commandsfor configuration.
This document does not provide information about the APICNX-OS style CLI interface.For information, see Cisco APIC NX-OS Style Command-Line Interface ConfigurationGuide.
Note
Cisco APIC Object Model Command-Line Interface User Guide 1
• Shell Scripts— You can use the Bash shell to automate some tasks using shell scripting. For moreinformation about Bash, see Understanding the GNU Bash Shell.
• Python API— Enables more extensive automation. For more information about the Python API, see theCisco APIC Python SDK Reference.
From Cisco APIC Release 1.0 until Release 1.2, the Object Model CLI was the default CLl, appearingwhen you logged in to APIC using SSH. Beginning with Cisco APIC Release 1.2, the default CLI is theNX-OS style CLI. The object model CLI is available by typing the bash command at the initial CLIprompt.
Note
Understanding Managed ObjectsThe APIC system configuration and state are modeled as a collection of managed objects (MOs), which areabstract representations of a physical or logical entity that contain a set of configurations and properties. Forexample, servers, chassis, I/O cards, and processors are physical entities represented as MOs; resource pools,user roles, service profiles, and policies are logical entities represented as MOs.
At runtime all MOs are organized in a tree structure called the Management Information Tree, providingstructured and consistent access to all MOs in the system.
Understanding the File SystemTheManagement Information Tree (MIT) consists of hierarchically organizedMOs that allow you to managethe APIC. Each MO is modeled as a Linux directory that contains all child MOs as subdirectories and allproperties in an mo file.
Here is a sample output of the file system: the local-users directory contains subdirectories for three users:admin, john, and viewer.admin@apic1:local-users> pwd/home/admin/aci/admin/aaa/security-management/local-usersadmin@apic1:local-users> ls -altotal 3drw-rw---- 1 admin admin 512 Apr 10 16:58 .drw-rw---- 1 root root 512 Apr 8 07:06 ..drw-rw---- 1 root root 512 Apr 8 07:06 admindrw-rw---- 1 admin admin 512 Jan 28 20:16 john-r--r----- 1 admin admin 197 Apr 10 16:58 summary
Role based access controls (RBAC) allow you to grant permissions to a user so that the user can manageanother user. In this case, admin and viewer users are owned by root, while john is owned by admin.
The absence of anmo file in this directory indicates that there are no configurable properties at this directorylevel.
Note
admin@apic1:local-users> cd adminadmin@apic1:admin> pwd/home/admin/aci/admin/aaa/security-management/local-users/adminadmin@apic1:admin> ls -altotal 4
Cisco APIC Object Model Command-Line Interface User Guide2
Understanding the Command-Line InterfaceUnderstanding Managed Objects
drw-rw---- 1 admin admin 512 Jul 22 14:29 .drw-rw---- 1 admin admin 512 Jul 22 14:29 ..-rw-rw---- 1 admin admin 485 Jul 22 14:29 modrw-rw---- 1 admin admin 512 Jul 22 14:29 operationaldrw-rw---- 1 admin admin 512 Jul 22 14:29 security-domainsdrw-rw---- 1 admin admin 512 Jul 22 14:29 ssh-keys-r--r----- 1 admin admin 493 Jul 22 14:29 summarydrw-rw---- 1 admin admin 512 Jul 22 14:29 user-certificates
Understanding the GNU Bash ShellBash (Bourne Again SHell) is a Unix shell or command-line interpreter supported by a variety of operatingsystems. You can use the Bash interface to directly configure the APIC or develop Bash shell scripts toautomate tasks. Bash provides a variety of command line and scripting features.
Synopsis
Bash is an sh-compatible command language interpreter that executes commands read from the standard inputor from a file. Bash also incorporates useful features from the Korn and C shells (ksh and csh). Bash isultimately intended to be a faithful implementation of the IEEE POSIX Shell and Tools specification (IEEEWorking Group 1003.2).
Bash supports a variety of features including:
• Command-line editing
• Unlimited size command history
• Job control
• Shell functions and aliases
• Indexed arrays of unlimited size
• Integer arithmetic in any base from 2 to 64
For more information about the Bash shell , see http://www.gnu.org/software/bash/bash.html.
Bash ExtensionsThe APIC includes following extensions of the Bash shell:
Networking Naming ConventionsNetwork operating systems typically use a forward slash (/) as a separator for interfaces, network addresses,and other settings. However, the Bash shell restricts the use of the forward slash in file names. While Bashprovides for an escape character, the APIC file system simplifies network naming by using a colon (:) as aseparator. The following examples describe how to use this separator.
Interface Naming
The APIC Bash extension uses the colon (:) character to delimit interface names. For example, the interfaceEthernet 1/46 is written as eth1:46.
Cisco APIC Object Model Command-Line Interface User Guide 3
Understanding the Command-Line InterfaceUnderstanding the GNU Bash Shell
The following example shows output of interfaces on a node:admin@apic1:physical-interfaces> pwd/aci/fabric/inventory/fabric-pod-1/fabric-node-17/interfaces/physical-interfacesadmin@apic1:physical-interfaces> lseth1:1 eth1:17 eth1:24 eth1:31 eth1:39 eth1:46 eth1:53 eth1:60eth1:10 eth1:18 eth1:25 eth1:32 eth1:4 eth1:47 eth1:54 eth1:7eth1:11 eth1:19 eth1:26 eth1:33 eth1:40 eth1:48 eth1:55 eth1:8eth1:12 eth1:2 eth1:27 eth1:34 eth1:41 eth1:49 eth1:56 eth1:9eth1:13 eth1:20 eth1:28 eth1:35 eth1:42 eth1:5 eth1:57 summaryeth1:14 eth1:21 eth1:29 eth1:36 eth1:43 eth1:50 eth1:58eth1:15 eth1:22 eth1:3 eth1:37 eth1:44 eth1:51 eth1:59eth1:16 eth1:23 eth1:30 eth1:38 eth1:45 eth1:52 eth1:6admin@apic1:physical-interfaces>
Network Address Naming
The APIC Bash extension uses the colon (:) character to delimit network addresses. For example, the network192.168.1.0 and subnet 255.255.255.0 are written as follows:192.168.1.0:255.255.255.0
Command CompletionThe APIC provides tab completion for standard Linux commands and APIC-specific commands listed in theCommand Reference. When you press the Tab key at the end of a command or option abbreviation, the CLIdisplays the command in full or the next available keyword or argument choice.
For example, you can use the tab key to display available directories:admin@apic1:aci> cd tenants/ <Tab>common/ infra/ mgmt/
Command HistoryThe APIC CLI supports the Bash shell history functions. To display the command history, you can use theUp Arrow or Down Arrow, as well as the history command.
You can reenter a command in the history by stepping through the history to recall the desired command andpressing Enter. You can also recall a command and change it before you enter it.
In addition, you can directly search for a previous command by pressing Ctrl-r and then typing part of thedesired command until the command is displayed.
For more information about the Bash shell including additional command history functions, see http://www.gnu.org/software/bash/bash.html
Command HelpThe CLI provides two forms of context sensitive help:
• Inline help—At any time, you can enter the Esc key twice to display the options available at the currentstate of the command syntax. If you have not entered anything at the prompt, entering Esc key twicelists all available commands for the current command mode. If you have partially entered a command,entering Esc key twice lists all available keywords and arguments available at your current position inthe command syntax.
Cisco APIC Object Model Command-Line Interface User Guide4
Understanding the Command-Line InterfaceBash Extensions
• Man pages—At the command prompt, you can enter theman followed by a command or path to amanaged object (MO) under /aci to display a UNIX-style man page. Man pages are not available for allcommands or scopes.
Mount PointsThe APIC CLI has three mount points: aci, mit, and debug. The following sections describe the mount pointsin more detail.
When you log into the APIC, the aci, debug, and mit mount points are displayed default directory:admin@apic1:~> lsaci debug mit
A link to each file system is provided in each user home directory.Note
The following sections describe the mount points in more detail.
aci Mount PointThe aci file system organizes MOs and properties into a concise format for interactive user sessions. The acimount point is intended for most users and is the primary CLI interface for the APIC.
mit Mount PointThe Management Information Tree (MIT) file system allows advanced users to directly view and configureMOs within the MIT. The directory structure of the mitfs is the same as aci except that MOs are displayed asnative MIT objects.
For example, the mit mount point displays the admin user as follows:admin@apic1:user-admin> pwd/mit/uni/userext/user-adminadmin@apic1:user-admin> ls -ltrtotal 4drw-rw---- 1 root root 512 Jan 27 15:08 userdomain-alldrw-rw---- 1 root root 512 Jan 27 15:08 userdata-r--r----- 1 root root 665 Jan 27 15:08 modrw-rw---- 1 admin admin 512 Jan 28 17:56 historydrw-rw---- 1 admin admin 512 Jan 28 17:56 faults
The mit mount point is intended for advanced users with a strong understanding of MO configuration.Note
debug Mount PointThe debug mount point allows you to view and debug configurations across multiple APIC, leaf, and spinedevices. The debug mount point is intended for troubleshooting by advanced users.
Cisco APIC Object Model Command-Line Interface User Guide 5
Understanding the Command-Line InterfaceMount Points
Role-Based Access ControlWith role-based access control (RBAC), you can limit access to device operations by assigning roles to users.You can customize access and restrict it to users who require it.
Applying Permissions and SecurityRole-Based Access Control (RBAC) allows you to control user permissions by creating roles with a set ofpermissions and assigning them to users. RBAC allows you to apply permission to a user by assigning a rolerather than directly configuring permissions.
Within the APIC CLI, you can grant permissions to users to manipulate specific parts of the ManagementInformation Tree (MIT) such as a managed object (MO).
The following example shows how to use the ls command to display RBAC permissions within the APICCLI. The command output displays files and UNIX read/write/execute file permissions and the time and datewhen the file was last modified.admin@apic1:user-admin> ls -altotal 4drw-rw---- 1 admin admin 512 Jul 22 14:25 .drw-rw---- 1 admin admin 512 Jul 22 14:25 ..-rw-rw---- 1 admin admin 421 Jul 22 14:25 mo-r--r----- 1 admin admin 608 Jul 22 14:25 summarydrw-rw---- 1 admin admin 512 Jul 22 14:25 userdatadrw-rw---- 1 admin admin 512 Jul 22 14:25 userdomain-all
User ManagementBy default, each user is provided with a home directory at /home/<username>. This directory gives permissionsfor a user to create sub-directories and files. Files created within /home/<username> inherit the default umaskpermissions and are accessible by the user and the administrator (admin).
We recommend that users create a /userid directory to store files- such as /home/jsmith -when logging in forthe first time. Thereafter the APIC treats the /userid directory as the user's home directory.
Cisco APIC Object Model Command-Line Interface User Guide6
Understanding the Command-Line InterfaceRole-Based Access Control
C H A P T E R 2Using the APIC CLI
• Accessing the Object Model CLI, page 7
• Viewing Managed Objects, page 8
• Navigating the Management Information Tree, page 8
• Entering a Configuration, page 9
• Using Configuration Wizards, page 10
• Creating Configuration Templates, page 12
• Customizing Commands, page 13
Accessing the Object Model CLI
From Cisco APIC Release 1.0 until Release 1.2, the Object Model CLI was the default CLl, appearingwhen you logged in to APIC using SSH. Beginning with Cisco APIC Release 1.2, the default CLI is theNX-OS style CLI.
Note
Procedure
Step 1 From a secure shell (SSH) client, open an SSH connection to APIC at username@ip-address. Use theadministrator login name and the out-of-band management IP address that you configured during the initialsetup. For example, [email protected].
Step 2 When prompted, enter the administrator password.Step 3 At the command line prompt, type bash.
Cisco APIC Object Model Command-Line Interface User Guide 7
Example
This example shows how to reach the object model CLI from the initial CLI prompt.
apic1# bashadmin@apic1:~>
Viewing Managed ObjectsUse the cat summary command to display a summary of the managed object (MO) in a given context withinthe Management Information Tree (MIT):
You can also use the less andmore commands to displayMO files one screen at a time.Note
admin@apic1:common> cat summaryname : commondescription :tags : uni/tn-commonownerkey :ownertag :alias :monitoring-policy :epg-address-pool :
security-domains:name description------ -----------common
Navigating the Management Information TreeThe Management Information Tree (MIT) contains a variety of scopes, including:
• aaa
• auditlog
• controller
• eventlog
• fabric-policies
• faults
• faults-history
• firmware
• health
• health-history
• import-export
• l4-l7-inventory
• l4-l7-packages
Cisco APIC Object Model Command-Line Interface User Guide8
Using the APIC CLIViewing Managed Objects
• local-user
• pod
• schedulers
• security-domains
• switch
• tenant
• trafficmap
• version
• vm-inventory
• vm-policies
To navigate quickly through these scopes, you can use the following commands:
• scope—Jumps to the directory for a context.
• show—Displays the summary for a context.
• where—Displays the management information tree (MIT) directory path for a context.
For more information about these commands, see Command Reference, on page 19
MO Browser UtilityThe APIC CLI contains a managed object (MO) browser utility for viewing and editing MOs with a interfacesimilar to vi. For more information about mobrowser, see mobrowser.
Entering a ConfigurationYou can use themoconfig, moset, andmodelete commands to create a configuration.
Themoconfig command creates a new context by name, whereasmoset sets properties on an existing MO.Themodelete command removes a scope by name, typically a sub-scope.
To override default settings, you can specify additional properties with themocreate command. If you wantto override default settings for a context, you can specify additional properties with the mocreate command.For more information, see mocreate.
You can also use the APIC GUI, REST API, or Python API to enter a configuration. For more informationabout these tools, see the APIC Getting Started Guide and the APIC Python API and SDK.
Note
Cisco APIC Object Model Command-Line Interface User Guide 9
Using the APIC CLIMO Browser Utility
Displaying Command DifferencesThemoconfig diff command summarizes any unsaved changes are present in the configuration buffer. Youcan use themoconfig commit command to apply the new properties to the MO.
Using Configuration WizardsWizards simplify the process of creating a configuration. When you run a wizard in a given context (such astenants), the wizard helps you create a complete configuration within a given context (for example, tenantsor private networks).
Launching a Wizard
To start a wizard, run the .wiz file. For example, the tenant context provides a wizard that you can run usingthe ./tenant.wiz Bash command.
Wizard Options
Wizards support command completion. You can enter ? to list the available options.
description : MyCompany BDnetwork : ?default networkinb networkoverlay-1 networknetwork : inb
Example
The following example shows the full output of the tenant wizard.admin@apic1:tenants> ./tenant.wiz
tenant------name : MyCompanyalias : MyCompany_tenantdescription : This is MyCompanymonitoring-policy : default
private-network---------------name : MyCompany_netdescription : MyCompany Networkbgp-timers : defaultospf-timers : defaultmonitoring-policy : default
bridge-domain---------------name : MyCompany_domaindescription : MyCompany BDnetwork : ?default networkinb networkoverlay-1 networknetwork : inb
Do you want to create another private-network (y/n): n
Cisco APIC Object Model Command-Line Interface User Guide10
Using the APIC CLIDisplaying Command Differences
Do you want to view the corresponding commands? (y/n): y--------------------------------------------------------------------------------
mocreate MyCompanycd MyCompanymoset alias MyCompany_tenantmoset description This is MyCompanymoset monitoring-policy defaultcd /aci/tenants/MyCompany/networkingcd /aci/tenants/MyCompany/networking/private-networksmocreate MyCompany_netcd MyCompany_netmoset description MyCompany Networkmoset bgp-timers defaultmoset ospf-timers defaultmoset monitoring-policy defaultcd /aci/tenants/MyCompany/networking/bridge-domainsmocreate MyCompany_domaincd MyCompany_domainmoset description MyCompany BDmoset network inbcd /aci/tenants/MyCompany/networking/private-networks/MyCompany_netcd /aci/tenants/MyCompany/networkingcd /aci/tenants/MyCompany
Do you want to commit changes? (y/n): y
Committing all the mos...Committed mo tenants/MyCompanyCommitted mo tenants/MyCompany/networking/private-networks/MyCompany_netCommitted mo tenants/MyCompany/networking/bridge-domains/MyCompany_domaindoneadmin@apic1:tenants>
Skipping PropertiesYou can use the Ctrl+N command to skip options within a wizard.
Wizards dynamically track missing properties. If you skip a property, you can run the appropriate wizardto complete the configuration later. For example, if you run the tenant wizard, you can skip propertieswithin the private-network context:
Note
admin@apic1:tenants> ./tenant.wiz<output truncated>private-network---------------name : Company_netdescription : s...skippingbgp-timers : s...skippingospf-timers : s...skippingmonitoring-policy : s...skipping
bridge-domain---------------
name : default
<output truncated>
Later, you can run the private-network wizard later to complete the configuration.admin@apic1:networking> lsbridge-domains external-routed-networks fv-tenant-common fv-tenant-mgmtprivate-network.wiz protocol-policiesexternal-bridged-networks fv-tenant-MyCompany fv-tenant-infra fv-tenant-test
Cisco APIC Object Model Command-Line Interface User Guide 11
Using the APIC CLISkipping Properties
private-networksadmin@apic1:networking> ./private-network.wiz
Creating Configuration TemplatesConfiguration templates allow you to create reusable network configurations that you can apply usingorchestration tools, shell scripts, and other tools. The following sections describe how to use the APIC CLIto create configuration templates.
Creating Templates Using the moconfig CommandThemoconfig command simplifies the process of creating configuration templates. When you create aconfiguration using the GUI, CLI, or API, you can use themoconfig running command to display the resultingconfiguration in a given context.
For example, you can use the GUI to create a tenant configuration including the following properties:
• Name
• Alias
• Description
• Tags
• Monitoring Policy
• Security Domains
After you enter the configuration in the GUI, you can use themoconfig command in the new APIC contextto display the commands that make up the configuration. For example, if you create a new tenantMyCompany,you can display the configuration commands as follows:admin@apic1:tenants> lscommon infra mgmt MyCompany tenant.wizadmin@apic1:tenants> cd MyCompany/admin@apic1:MyCompany> moconfig runningcd /aci/viewfs/tenantsmocreate MyCompanycd MyCompanymoset description 'My Company Network'moset alias Homemoset monitoring-policy defaultmoconfig commitcd networkingcd private-networksmocreate local_netcd local_netmoset description 'Local network'moset bgp-timers defaultmoset ospf-timers defaultmoset monitoring-policy defaultmoconfig commitcd ..cd ..cd bridge-domainsmocreate BD1cd BD1moset description 'Bridge domain 1'moset custom-mac-address 00:22:BD:F8:19:FFmoset arp-flooding nomoset unicast-routing yes
Cisco APIC Object Model Command-Line Interface User Guide12
Using the APIC CLICreating Configuration Templates
moset network overlay-1moconfig commitcd ..cd ..cd ..cd ..admin@apic1:MyCompany>For more information about using themoconfig running command, see the moconfig. .
Creating Templates using Configuration WizardsWhen running a configuration wizard, you can use the corresponding commands option to summarize theconfiguration created by the wizard. You can modify and replicate this configuration on other nodes or devices.
The following example shows how to display the command output from a configuration wizard.
The command output is truncated.Note
admin@apic1:tenants> ./tenant.wiz
<Output truncated>
Do you want to create another private-network (y/n): n
Do you want to view the corresponding commands? (y/n): y--------------------------------------------------------------------------------mocreate MyCompanycd MyCompanymoset alias Homemoset description My Company Networkmoset monitoring-policy defaultcd /aci/tenants/MyCompany/networkingcd /aci/tenants/MyCompany/networking/private-networksmocreate local_netcd local_netmoset description Local networkmoset bgp-timers defaultmoset ospf-timers defaultmoset monitoring-policy defaultcd /aci/tenants/MyCompany/networking/bridge-domainsmocreate BD1cd BD1moset description Bridge domain 1moset network overlay-1cd /aci/tenants/MyCompany/networking/private-networks/local_netcd /aci/tenants/MyCompany/networkingcd /aci/tenants/MyCompany--------------------------------------------------------------------------------<Output truncated>For more information about using wizards, see Using Configuration Wizards.
Customizing CommandsThe APIC CLI allows you to extend Linux commands in the Bash interface using YAML (.yml) files in the/etc/scopedefs directory. YAML configuration files specify Linux commands to run and available options ateach scope.
You can use YAML files to create new commands and extend existing Linux commands. YAML files allowyou to define custom interfaces for users by placing a unique .yml file in the user's scope in the MIT.
You can customize the following commands using YAML.
Cisco APIC Object Model Command-Line Interface User Guide 13
Using the APIC CLICreating Templates using Configuration Wizards
• show—Displays the APIC configuration in a format similar to Cisco IOS and NX-OS. For moreinformation, see show.
• create— Executes a wizard within a given scope; the wizard creates relevant objects in the MIT. Formore information, see create.
• where—Displays the directory for a context, such as tenant or l4-l7-services. For more information, seewhere.
• scope—To jump to the directory for a context, such as tenant or l4-l7-services. For more information,see scope.
• attach—Opens an SSH session to a specified fabric node. For more information, see attach.
Sample YAML Command Definitions
controller Command
The following example shows the controller command output:admin@apic1:aci> controller
operational-cluster-size : 3differences-between-local-time-and-unified-cluster-time : 0administrative-cluster-size : 3
controllers:id name ip cluster-admin-state cluster-operational- health-state up-time
system-current-timestate
-- ----- -------- ------------------- -------------------- ------------ ------------------------------------
1 apic1 10.0.0.1 in-service available fully-fit 62:02:38:00.0002014-05-
01T21:40:46.120+00:002 apic2 10.0.0.2 in-service available fully-fit 62:02:38:00.0002014-05-
01T21:40:46.211+00:003 apic3 10.0.0.3 in-service available fully-fit 62:02:38:00.0002014-05-
01T21:40:46.263+00:00
The following example shows the YAML definition of the controller command:- controller:
help: 'Controller Node'type: aliasdirFormat: '/aci/system/controllers/'fileType: 'summary'sub:
- name: idlabel: idtype: argmodelclass: fabric.Nodemodelprop: idclassfilter: 'fabric.Node.role == "1"'dirFormat: '/aci/system/controllers/%(id)s'fileType: 'summary'help: 'controller'
Cisco APIC Object Model Command-Line Interface User Guide14
Using the APIC CLISample YAML Command Definitions
tenant Command
The following example shows the tenant command output:admin@apic1:~> show tenant infra bridge-domains default# Executing command: cat /aci/tenants/infra/networking/bridge-domains/default/mo
# bridge-domain
# Naming properties (DO NOT EDIT):# name : default
# Configurable Properties:description :custom-mac-address : 00:22:BD:F8:19:FFl2-unknown-unicast : hardware-proxyarp-flooding : nounicast-routing : yesownerkey :ownertag :network : overlay-1igmp-snoop-policy :end-point-retention-policy :l3-out :external-route :route-profile :monitoring-policy :The following example shows an excerpt of the YAML definition of the tenant command:- tenant:
help: 'Tenant'type: aliasdirFormat: '/aci/tenants/'fileType: 'summary'name: tenantsub:- name: namelabel: nametype: argmodelclass: fv.Tenantmodelprop: namedirFormat: '/aci/tenants/%(name)s'fileType: 'summary'help: Tenant namesub:- name: bridge-domainslabel: bridge-domainstype: keyworddirFormat: '/aci/tenants/%(name)s/networking/bridge-domains/'fileType: 'summary'help: "All Bridge-domains"sub:- name: bdlabel: bridge-domain-nametype: argmodelclass: fv.BDmodelprop: namedirFormat: '/aci/tenants/%(name)s/networking/bridge-domains/%(b\d)s'fileType: 'mo'help: Bridge domain name
- name: application-profileslabel: application-profilestype: keyworddirFormat: '/aci/tenants/%(name)s/application-profiles/'fileType: 'summary'help: "All application profiles"sub:- name: aplabel: application-profile-nametype: argmodelclass: fv.Apmodelprop: namedirFormat: '/aci/tenants/%(name)s/application-profiles/%(ap)s'
Cisco APIC Object Model Command-Line Interface User Guide 15
Using the APIC CLISample YAML Command Definitions
fileType: 'mo'help: Application profile name
- name: private-networkslabel: private-networkstype: keyworddirFormat: '/aci/tenants/%(name)s/networking/private-networks/'fileType: 'summary'help: "All private networks"sub:- name: pnlabel: private-network-nametype: argmodelclass: fv.Ctxmodelprop: namedirFormat: '/aci/tenants/%(name)s/networking/private-networks/%\(pn)s'fileType: 'mo'help: Private network nametype: argmodelclass: fv.Ctxmodelprop: namedirFormat: '/aci/tenants/%(name)s/networking/private-networks/%\(pn)s'fileType: 'mo'help: Private network name(...)
YAML File Format
File Format
You can use the following keywords to define using custom command a .yml file.
• help—A help string that defines the function of the command, argument, or keyword, as follows: help:'Displays faults for the current path.'
• type—Specifies one of the following command actions:
◦alias—Similar to a standard Unix alias command. References a directory in the MIT.
◦command—Executes a unix command, such as cat or version.
◦showcmd—Executes a show option within a configuration command, such as firmware list.
• dirFormat—Specifies the directory format for the scope. For example,aci/fabric/inventory/pod-1/node-%(id)s specifies a subdirectory for each node.
%(<arg>)s specifies an argument in the dirFormat and cmdFormat strings.Note
• fileType—Specifies a file type: you can specify summary or mo.
• cmdFormat—Defines the command to execute, as shown in the following example: cmdFormat:'eventlog' You can specify that a command execute in a specific scope.
• The following options describe command arguments and keywords.
◦sub—Defines a sub-scope. Applies only to alias commands.
◦name—The name of the argument or keyword.
◦label—Defines a label for the argument or keyword.
Cisco APIC Object Model Command-Line Interface User Guide16
Using the APIC CLIYAML File Format
◦type—The sub-command parameter type. arg specifies an argument; keyword specifies a keyword.
◦
• You can use the following options for autocompletion:
◦classfilter—Defines a class filter. For example, classfilter: 'fabric.Node.role == "1"' restrictsresults to MOs that have a role value of 1.
◦fill—Enter fill: auto to display child directories for a scope. Applies only to alias commands.
◦modelclass—Defines a scope used to autocomplete results.
◦modelprop—Defines a property used to autocomplete results, such as name or id.
Cisco APIC Object Model Command-Line Interface User Guide 17
Using the APIC CLIYAML File Format
Cisco APIC Object Model Command-Line Interface User Guide18
Using the APIC CLIYAML File Format
C H A P T E R 3Command Reference
This chapter describes the following CLI commands:
• Command Help, page 20
• attach, page 20
• auditlog, page 21
• create, page 21
• controller, page 22
• diagnostics, page 23
• eraseconfig, page 24
• eventlog, page 24
• faults, page 25
• firmware, page 26
• health, page 28
• loglevel, page 29
• man, page 30
• mobrowser, page 30
• moconfig, page 31
• mocreate, page 32
• modelete, page 32
• mofind, page 33
• moprint, page 33
• moquery, page 35
• moset, page 36
• mostats, page 37
Cisco APIC Object Model Command-Line Interface User Guide 19
• password, page 39
• reload, page 40
• scope, page 40
• show, page 41
• svcping, page 42
• techsupport, page 43
• trafficmap, page 44
• troubleshoot eptoep session (IP and MAC), page 45
• troubleshoot epext session EP-to-External-IP and External-IP-to-EP, page 46
• troubleshoot eptoep session <session name>, page 46
• troubleshoot eptoep session <session name> atomiccounter, page 47
• troubleshoot eptoep session <session name> traceroute, page 48
• troubleshoot eptoep session <session name> traceroute protocol, page 48
• troubleshoot eptoep session <session name> traceroute protocol tcp dst port, page 48
• show troubleshoot eptoep, page 49
• show troubleshoot eptoep session <session name>, page 49
• version, page 50
• where, page 51
Command HelpYou can use the following tools to display CLI command help:
• command-name -help—Displays a brief summary of the command.
admin@apic1:aci> controller -hUsage: controller [TARGETNODE_ID] [commission|decommission]
Display controller info. Commission or Decommission controllers.
Options:-h --help
• man command-name—Displays a Linux-style man page for the command.admin@apic1:aci> man controller
attachThe attach command opens an SSH session to a specified fabric node.
attach apic1
Cisco APIC Object Model Command-Line Interface User Guide20
Command ReferenceCommand Help
attach leaf1
attach spine1
Example
The following example shows how to use the attach command to connect the leaf1 node:admin@apic1:aci> attach leaf1# Executing command: ssh leaf1Warning: Permanently added 'leaf1,10.0.75.31' (RSA) to the list of known hosts.admin@leaf1's password:admin@leaf1:~>
auditlogAn audit log includes auditing information such as login and logout times. To display an audit summary fora given node, module, or interface, use the auditlog command.
auditlog [ auditlog-id]
Syntax Description Specifies an audit log number to display.auditlog-id
Example
The following example shows how to use the auditlog command:admin@apic1:Solar> pwd/home/admin/aci/tenants/Solaradmin@apic1:Solar> auditlog 4294967305ID : 4294967305Description : Tenant Solar createdAffected Object : uni/tn-SolarTime Stamp : 2014-07-21T20:00:25.518+00:00Cause : transitionCode : E4206326Severity : infoChange Set : name:SolarAction Performed : creationAction Trigger : configTransaction ID : 14411518807585652035User : admin
createThe create command executes a wizard within a given scope; the wizard creates relevant objects in the MIT.
create scope
Cisco APIC Object Model Command-Line Interface User Guide 21
Command Referenceauditlog
Example
The following example shows how to use the create command:admin@apic1:~> create tenant# Executing command: 'cd /aci/tenants; ./tenant.wiz'
Create Tenant:--------------Name : CiscoDescription : Cisco SystemsMonitoring Policy:
Security Domains:-----------------Name :skipping...
Create new network:-------------------Name :skipping...
Do you want to view the corresponding commands? (Yes/No): Yes-------------------------------------------------------------------------mocreate Ciscopushd .cd Tenant-Testmoset description "Cisco Systems"
pushd .cd security-domainspopd
pushd .cd networking
pushd .cd private-networkspopdpopdpopd--------------------------------------------------------------------------------
Do you want to commit changes? (Yes/No): YesAdding mo tenants/CiscoAll requests processed successfully!The tenant section of the create YAML file is defined as follows:- tenant:help: 'Tenant'type: aliasdirFormat: '/aci/tenants/'fileType: 'summary'createFile: tenant.wizname: tenant
For more information about YAML (.yml) file formats, see Customizing Commands.Note
controllerTo display controller information or to commission or decommission a node, use the controller command.
controller [controller-id] [commission | decommission]
Cisco APIC Object Model Command-Line Interface User Guide22
Command Referencecontroller
Syntax Description Commissions (creates) a node.commission
Decommissions a specified node.decommission
The controller ID.controller-id
Example
The following example shows how to use the controller command:admin@apic1:> controller 1 decommission
diagnosticsTo display equipment diagnostic tests, use the diagnostics command.
diagnostics node-id
Syntax Description The target node ID or node name. You can specify arange of node IDs or a list of node names.
node-id
Example
The following example shows how to use the diagnostics command:admin@apic1:aci> diagnostics 1Dn Group Model Subject Class Test Set
----------------------------------------------------------------------------------------------topology/pod-1/node- internal-conn N9K-C9396PX eqptSupC mgmtp-lb
19/sys/diag/grptests-
eqptSupC-model-[N9K-
C9396PX]-grp-internal-
conn
topology/pod-1/node- cpu N9K-C93128TX eqptSupC cpu-cache
19/sys/diag/grptests-
eqptSupC-model-[N9K-
C93128TX]-grp-cpu
topology/pod-1/node- sys-mem N9K-C93128TX eqptSupC bios-mem,mem-health
19/sys/diag/grptests-
eqptSupC-model-[N9K-
C93128TX]-grp-sys-mem
Cisco APIC Object Model Command-Line Interface User Guide 23
Command Referencediagnostics
topology/pod-1/node- peripherals Nagano eqptSupC act2-acc,cons-dev,fpga-
19/sys/diag/grptests- reg-chk,ge-
eqptSupC-model- eeprom,nvram-
[Nagano]-grp- cksum,obfl-acc,spi-
peripherals cksum,ssd-acc,usb-bus
topology/pod-1/node- fex NXS8-4532 eqptLC extch-fp,extch-
19/sys/diag/grptests- hp,extch-sprom
eqptLC-model-[NXS8-
4532]-grp-fex
admin@apic1:aci>
eraseconfigTo erase the APIC configuration excluding first-time setup information and reboot the APIC, use theeraseconfig command.
This command causes the APIC to reboot.Note
This command is removed in APIC Release 1.2(2) and later releases. Use the acidiag touch commandfollowed by a reboot to erase the configuration. See the acidiag command documentation in the CiscoAPIC Troubleshooting Guide.
Note
eraseconfig [ setup ]
Syntax Description Erases first-time setup information. After the reboot,the first-time APIC setup dialog appears on theconsole.
setup
Example
The following example shows how to use the eraseconfig command:admin@apic1:~> eraseconfig
eventlogTo display an event summary for a given node, module, or interface, use the eventlog command.
Cisco APIC Object Model Command-Line Interface User Guide24
Command Referenceeraseconfig
eventlog controller node-id
eventlog switch node-id
eventlog switch interface interface-name node-id
eventlog switch module module-id node-id
eventlog switch module module-id port port-number node-id
Syntax Description Displays event log for a controller.controller
Displays event log for a switch.switch
The target node ID or node name. You can specify a range ofnode IDs or a list of node names.
node-id
Specifies an interface ID or interface range.interface
The interface ID or range.interface-name
Specifies a module.module
The module ID.module-id
Example
The following example shows how to use the eventlog command:admin@apic1:/> eventlog switch 101 interface eth1/1
faultsTo display a summary of faults on a given node, module, port, or interface, use the faults command.
faults switch node-id {ack| detail| history| interface interface-name|module module-id port port-number|unack} fault-code
faults controller controller-id {ack| detail| history| unack} fault-code
Syntax Description Displays health log for a controller.controller
Specifies a controller.controller-id
Displays health log for a switch.switch
The target node ID or node name. You can specify a range ofnode IDs or a list of node names.
node-id
Cisco APIC Object Model Command-Line Interface User Guide 25
Command Referencefaults
Specifies an interface ID or interface range.interface
The interface ID or range.interface-name
Specifies a module.module
The module ID.module-id
Displays fault detail.detail
Displays acknowledged faults.ack
Displays unacknowledged faults.unack
Displays historical records.history
Specifies a port range.port
The port number(s).port-number
Specifies a fault code.fault-code
Example
The following example shows how to use the faults command:admin@apic1:faults> faults controller 1 detail
firmwareTo manage firmware images in the repository on a fabric controller node, use the firmware command.
This command is provided for local controller software upgrades; you can use policy-driven firmwareupgrades to upgrade firmware on fabric controller nodes within a cluster.
Note
firmware add image-name
firmware delete image-name
firmware upgrade status
firmware upgrade status node node-id
firmware upgrade catalog image-name
firmware upgrade controller image-name
firmware upgrade switch node node-id image-name
Cisco APIC Object Model Command-Line Interface User Guide26
Command Referencefirmware
Syntax Description Adds a firmware image to the repository. You candownload the firmware using SCP, FTP, HTTP, orany method for which the user is authorized.
add
Removes a firmware image from the repository.delete
The name of the image file.image-name
Lists firmware images in the firmware repository.list
Upgrades the firmware on a switch or the local APIC.upgrade
Specifies a local image installation the controller.controller
Displays the firmware update status.status
The target node ID or node name. You can only installfirmware on one node at a time.
In the case of an APIC, the firmware isinstalled on all APICs in the cluster.
Note
node-id
Specifies an image installation on a switch.switch
Upgrades an image within the image catalog.catalog
Example
The following examples show how to use the firmware command:admin@apic1:~> firmware listName Type Major-Version Minor-Version Size(Bytes) Download-Date----------------------- ------- ------------- ------------- --------------------------------ifabric-k9-catalog- catalog 1.0 (0.566) 7461 2014-01-1.0.0-566.bin28T11:17:36.054+00:00admin@apic1:~> firmware add ifabric-k9-simsw-1.0.0-559.binFirmware Image ifabric-k9-simsw-1.0.0-559.bin is added to the repository
admin@apic1:~> firmware listName Type Major-Version Minor-Version Size(Bytes) Download-Date----------------------- ------- ------------- ------------- --------------------------------ifabric-k9-catalog- catalog 1.0 (0.566) 7461 2014-01-1.0.0-566.bin28T11:17:36.054+00:00ifabric-k9-simsw-1.0.0- switch 1.0 (0.559) 854412177 2014-01-559.bin
admin@apic1:~> firmware upgrade switch node 17 ifabric-k9-simsw-1.0.0-559.binFirmware Installation on Switch ScheduledTo check the upgrade status, use 'firmware upgrade status -t <node-id>'admin@apic1:~>admin@apic1:~> firmware upgrade status node 17Firmware Upgrade Status:Upgrade-Status Status Desired-Version Install-Stage Start-Date End-Date
-------------- ------ ---------------- ----------------- ------------------------------------------inprogress simsw-1.0(0.559) InstallNotStarted 2014-01- 2014-01-
Cisco APIC Object Model Command-Line Interface User Guide 27
Command Referencefirmware
28T11:26:38.313+00:0028T10:59:37.746+00:00.admin@apic1:~> firmware upgrade statusNode-Id Role Upgrade-Status--------------------------------------3 controller notscheduled17 leaf completeok20 spine notscheduled1 controller notscheduled2 controller notscheduled19 spine notscheduled18 leaf notscheduled
healthTo display a health summary of a node, module, interface, or port, use the health command.
health switch node-id {ack| detail| history| interface interface-name|module module-id port port-number|unack}
health controller controller-id {ack| detail| history| unack}
Syntax Description Displays faults for a controller.controller
Displays faults for a switch.switch
The target node ID or node name. You can specify arange of node IDs or a list of node names.
node-id
Specifies an interface or interface range.interface
The interface name or range.interface-name
Specifies one or more modules by ID.module
The module name.module-id
Specifies a port or port range.port
The port number or range.port_id
Displays historical records.history
Example
The following example shows how to use the health command:
admin@apic1:admin> health switch 101 interface eth1/1Current Score Previous Score Timestamp------------- -------------- ---------------------95 96 2014-07-
21T15:25:24.092+00:00
Total : 1
Cisco APIC Object Model Command-Line Interface User Guide28
Command Referencehealth
loglevelTo display the logging settings on the APIC, use the loglevel command.
loglevel get node node-name dme dme-name
loglevel set node node-name dme dme-name topic topic-name severity severity-level
Syntax Description Returns the service log level on a node.get
Sets the service log level on a node.set
Specifies a node.node
The node name.node-name
Identifies a service process running on the node.dme
The service process (DME) name. Available DMEsvary by node and include:
• ae
• appliancedirector
• bootmgr
• dbgr
• eventmgr
• nginx
• observer
• policymgr
• scripthandler
• topomgr
• vmmmgr
dme-name
Specifies a logging subsystem.topic
The logging subsystem.topic-name
Specifies a logging severity level.severity
Cisco APIC Object Model Command-Line Interface User Guide 29
Command Referenceloglevel
The logging severity level. You can set the followingvalues:
• CRIT—Critical error
• ERROR—Major error
•WARN—Warning
• INFO—Informational error
• DBG4—Debug level 4
• DBG3—Debug level 3
• DBG2—Debug level 2
severity-level
Example
The following example shows how to use the loglevel command:admin@apic1:pod-1> loglevel get node spine1 dme dbgrelemlogDefault : DBG4
manTo display the man (manual) page for a command, use theman command.
man command-name
Syntax Description The command name.command-name
Example
The following example shows how to use theman command:admin@apic1> man trafficmap
mobrowserTo launch the managed object (MO) browser, use themobrowser command.
mobrowser [scope]
Syntax Description Specifies a scope within the MIT, such as aaa oraccess.
scope
Cisco APIC Object Model Command-Line Interface User Guide30
Command Referenceman
Example
The following example shows how to use themobrowser command:admin@apic1:> mobrowser
moconfigTo commit or discard a configuration stored in the configuration buffer, use themoconfig command.
moconfig{commit| discard| diff| running}
Syntax Description Commits the configuration stored in the configuration buffer.commit
Discards the configuration stored in the configuration buffer.discard
Displays a summary of the difference between the active configuration and theconfiguration buffer.
diff
Shows the CLI commands used to create a configuration for a given context. Thisoption simplifies the process of creating template configurations. For moreinformation about configuration templates, see Creating Configuration Templates.
running
Example
The following examples show how to use themoconfig command:admin@apic1:local-users> moconfig diff--- ./mario/mo 2013-10-01 21:17:06.000000000 -0700+++ ./mario/mo.buffer 2013-10-01 21:17:53.000000000 -0700@@ -2,8 +2,8 @@local-user :----------login-id : george-first-name :-last-name :+first-name : George+last-name : Washingtonphone :email :description :
admin@apic1:local-users> moconfig commitCommit Successfuladmin@apic1:local-users> moconfig diffadmin@apic1:local-users>admin@apic1:aci > cd tenants/admin@apic1:tenants> moconfig runningcd /aci/viewfw/tenantscd networkingmocreate fv-tenant-commonmoconfig commitmocreate fv-tenant-testmoconfig commitmocreate fv-tenant-mgmtmoconfig commit
Cisco APIC Object Model Command-Line Interface User Guide 31
Command Referencemoconfig
cd external-routed-networksmocreate l3ext-out-xmoconfig commitmocreate l3-outside-xmoconfig commitcd l3-outside-xcd logical-node-profilesmocreate nodexcd nodexmoset tag yellow-greenmoconfig commit
mocreateTo create a managed object (MO), use themocreate command.
If you do not specify a scope, the command creates an MO in the current context.Note
mocreate [context] name property-name property-value
Syntax Description The context for the MO.context
(Optional) The MO name.name
(Optional) Specifies a property of the MO.property-name
(Optional) Specifies a value for the property.property-value
Example
The following example shows how to use themocreate command to create an MO representing a user:admin@apic1:node-associations> mocreate LS-all/admin@apic1:node-associations> moconfig commitCommitted mo'fabric/policies/fabric-policy-associations/leaf/node/LNP/node-associations/LS-all'All mos committed successfully.admin@apic1:node-associations> lsLS-all
To override default settings, you can specify additional properties with themocreate command, as shown inthe following example.admin@apic1:private-networks> pwd/aci/tenants/common/networking/private-networksadmin@apic1:private-networks> mocreate Private1 monitoring-policy Monitor1
modeleteTo remove a managed object (MO), use themodelete command.
Cisco APIC Object Model Command-Line Interface User Guide32
Command Referencemocreate
This command is typically used to remove a lower-level scope.Note
modelete mo-name
Syntax Description The directory name containing the MO.mo-name
Exampleadmin@apic1:node-associations> modelete LS-all/
mofindTo search for a selected MO within the management information tree (MIT), use themofind command.
mofind scope class package.class mo-value
Syntax Description Class argument; specifies a class of MO to returnclass
The name of the MO package.package
The name of the MO classclass
The MO namemo-value
Example
The following example shows how to use themofind command:admin@apic1:aci> mofind . class fv.Tenant /.aci/viewfs/tenants/t14/mo/.aci/viewfs/tenants/infra/mo/.aci/viewfs/tenants/common/mo/.aci/viewfs/tenants/Solar/mo/.aci/viewfs/tenants/mgmt/moadmin@apic1:aci> mofind . class aaa.User /.aci/mitfs/uni/userext/user-admin/mo/.aci/viewfs/admin/aaa/security-management/local-users/admin/mo
moprintTo specify an output format for managed objects and managed object buffer files, use themoprint command.
This command is useful for automation because it provides standardized output.Note
Cisco APIC Object Model Command-Line Interface User Guide 33
Command Referencemofind
moprint{exclude-help| include-help} {json| pretty| xml}
Syntax Description Specifies that the output omit property descriptionsexclude-help
Specifies that the output contain property descriptionsinclude-help
Specifies JSON outputjson
Specifies XML output in a tabular formatpretty
Specifies XML outputxml
Example
The following example shows how to use themoprint command to provide JSON output displaying MOproperties:admin@apic1:local-users> moprint jsonadmin@apic1:local-users> cat ./mario/mo{"aaaUser": {"attributes": {"aaaUserclearPwdHistory": {"value": "no"
},"aaaUseremail": {"value": ""
},"aaaUserlastName": {"value": "Washington"
},"aaaUserphone": {"value": ""
},"aaaUserdescr": {"value": ""
},"aaaUserexpiration": {"value": "never"
},"aaaUserexpires": {"value": "no"
},"aaaUserencPwd": {"value": ""
},"aaaUseraccountStatus": {"value": "active"
},"aaaUsername": {"value": "george"
},"aaaUserfirstName": {"value": "George"
},"aaaUserpwdLifeTime": {"value": "no-password-expiration"
},"aaaUserpwd": {"value": ""
}}
Cisco APIC Object Model Command-Line Interface User Guide34
Command Referencemoprint
}}
moqueryTo run a query for a managed object (MO), use themoquery command.
moquery{--help| --host host-id| --port portname| --dn dn| --klass classname| --filter property| --attrs attributes|--output output| -user username| --options options}
Syntax Description Specifies an APIC host.--help or –h
Specifies an APIC host.--host or –i
The host name or IP address of an APIC.host-id
Specifies a port for a REST interface.--port or –p
The REST interface port number.portname
Specifies a distinguished name (DN) for a managedobject (MO).
--dn or –d
The DN of an MO.dn
Specifies a class name for the query.--klass or –c
Specifies a class. You can enter multiple classesseparated by commas.
classname
Specifies a property on which to filter MOs.--filter or –f
The property on which to filter MOs.property
Specifies the attributes that the query displays.--attrs or –a
The type of attributes to display. You can chooseconfig (configuration attributes) or all. If config isselected, only configurable attributes are displayed.Unless the table output format is specified, the defaultis all.
attributes
Specifies a query output format.--output or –o
The query output format. You can choose json, xml,block, or table.
output
Specifies a user name.--user or –u
The user name.username
Specifies query options.--options or –x
The query options to enable. For more information,see Usage Guidelines.
options
Cisco APIC Object Model Command-Line Interface User Guide 35
Command Referencemoquery
Usage Guidelines Using --options (or –x), you can specify query options as supported by the REST API. You can add multipleoptions statements to the command, using syntax such as the following:
-x [OPTIONS [OPTIONS ...]] [-x [OPTIONS [OPTIONS ...]]]
For example:
moquery -c firmwareCtrlrFwStatusCont -x query-target=subtree
target-subtree-class=firmwareCtrlrRunning
Example
The following example shows how to use themoquery command:admin@apic1:~> moquery --dn unallocencap-[uni/infra]Total Objects shown: 1
# stp.UnAllocEncapContinfraPKey : uni/infraallocSize : 0childAction :descr :dn : unallocencap-[uni/infra]lastAssigned : 8192lcOwn : localmodTs : 2014-07-26T16:46:27.176+00:00name :ownerKey :ownerTag :rn : unallocencap-[uni/infra]size : 0status :
mosetTo set the properties for a managed object (MO), use themoset command.
moset { property-name property-value [add | remove ] }
Syntax Description Property nameproperty-name
Property valueproperty-value
Adds a property to the managed objectadd
Removes a property from the managed objectremove
Example
The following example shows how to use themoset command to set the properties of a managed object:admin@apic0:local-users> cat george/mo# aaa.Userlocal-user :----------login-id : georgefirst-name :
Cisco APIC Object Model Command-Line Interface User Guide36
Command Referencemoset
last-name :phone :email :description :account-status : activeaccount-expires : noexpiration-date : neverclear-password-history : noencrypted-password :password :password-life-time : no-password-expirationadmin@apic0:local-users> moset first-name George last-name Washingtonadmin@apic0:local-users> cat mario/mo.buffer# aaa.Userlocal-user :----------login-id : georgefirst-name : Georgelast-name : Washingtonphone :email :description :account-status : activeaccount-expires : noexpiration-date : neverclear-password-history : noencrypted-password :password :password-life-time : no-password-expirationadmin@ifc0:local-users>
mostatsTo display statistics for a MO, use themostats command.
mostats [stats-class] [sampling-interval interval] [location location-name] [counter counter-name] [valuesvalues-name] [from date-from] [to date-to] [thresholded thresholded-flags] [output-to outputname]
Syntax Description Statistics type; use Tab autocomplete to display a list of available statistics inthe current scope
stats-class
Specifies a sampling interval for the statisticsampling-interval
Cisco APIC Object Model Command-Line Interface User Guide 37
Command Referencemostats
Sampling interval; you can choose the following values:
• 5min
• 15min
• 1h
• 1d
• 1w
• 1mo
• 1qtr
• 1year
5 minutes is the default value
interval
Specifies a location from which to display statisticslocation
Location from which to display statistics; you can chose history or currentlocation-name
Specifies a specific counter to display. If you omit this keyword, the commanddisplays all counters.
counter
Counter name. If you do not specify a counter name, the command displaysthe value of all counters.
You can use autocomplete to display a list of available counters.
counter-name
Specifies specific values to displayvalues
Type of values to display. You can use autocomplete to display a list ofavailable values.
Statistics values vary according to the specified counter and location.Note
values-name
Specifies a start date and time for statistics. This keyword is used for historicalstatistics.
from
Start date for the querydate-from
Specifies an end date and time for statistics. This keyword is used for historicalstatistics.
to
End date for the querydate-to
Specifies historical statistics that have crossed exceeded a threshold valuethresholded
The threshold flag valuethresholded-flags
Specifies a specific output typeoutput-to
Cisco APIC Object Model Command-Line Interface User Guide38
Command Referencemostats
Output type; you can choose the following values:
• table
• graph
output-name
Example
The following example shows how to use themostats command:admin@apic0:leafport-17> mostats ingress-byte-counters location historyCounters:
flood (bytes) : periodic valuemulticastRate (bytes-per-second) : average valuemulticast (bytes) : periodic valueunicastRate (bytes-per-second) : average valueunicast (bytes) : periodic value
Time Interval flood multicastRate multicast unicastRate unicast
2013-10-23 13:40:10 + 300sec 1692622494 6038011 1811403699 5959938 1787981697
2013-10-23 13:45:10 + 290sec 1701770043 5896513 1709988944 6350713 1841707150
2013-10-23 13:50:00 + 300sec 1875699742 6327240 1898172394 5204047 1561214263
2013-10-23 13:55:00 + 300sec 1991025635 6407343 1922203057 5961950 1788585183
2013-10-23 14:00:00 + 310sec 2020555778 6857403 2125795303 7152710 2217340307
2013-10-23 14:05:10 + 290sec 1884001802 6545303 1898138103 5878862 1704870238
2013-10-23 14:10:00 + 310sec 2037567241 5880848 1823063295 6927670 2147577849
2013-10-23 14:15:10 + 300sec 1651084097 6128338 1838501627 5696007 1708802494
2013-10-23 14:20:10 + 300sec 2119253728 5719718 1715322961 5606184 1681939173
2013-10-23 14:25:10 + 300sec 1824918785 6553074 1965922597 6167935 1850380704
2013-10-23 14:30:10 + 300sec 1794072506 6508516 1952555134 6745063 2023519193
2013-10-23 14:35:10 + 290sec 2305467846 6493923 1883237807 6693507 1941117370
passwordTo change the password on the APIC , use the password command.
password
Example
The following example shows how to use the password command:admin@apic1:aci> passwdChanging password for user admin.(current) password:New password:Retype new password:
Cisco APIC Object Model Command-Line Interface User Guide 39
Command Referencepassword
Password for user admin is changed successfully.admin@apic1:aci>
reloadTo reload a specified node or module, use the reload command.
If you do not specify a node, the command reloads the node in the current context.Note
reload {controller | switch} node-id
Syntax Description Reloads a controllercontroller
Reloads a switchswitch
The target node ID or node name. You can specify a range of node IDsor a list of node names.
node-id
Example
The following example shows how to use the reload command:admin@apic1:aci> reload switch 118
scopeTo jump to the directory for a scope, use the scope command.
The where command displays the MIT directory for a context, while scope opens the directory.Note
scope scope-name
Syntax Description The scope name, such as aaa or access-policiesscope-name
Example
The following examples show how to use the scope command:admin@apic1:~> pwd/home/adminadmin@apic1:/> scope tenantChanging directory to /.aci/tenants/admin@apic1:tenants> pwd
Cisco APIC Object Model Command-Line Interface User Guide40
Command Referencereload
/aci/tenants
showThe show command displays the APIC configuration in a format similar to Cisco IOS and NX-OS. Thecommand is similar to the alias Linux command.
show context
Syntax Description The context name, such as aaa or access-policiescontext
Contexts
The following example shows the standard show options:admin@apic1:~> show <Esc><Esc>aaa aaaaccess Fabric Access Policiesauditlog Show auditlog on current pathbgp Show BGP informationcdp Show Cisco Discovery Protocol informationcontroller Controller Nodecores coreseventlog Show eventlog on current pathexternal-data-collectors external-data-collectorsfabric Fabric Detailsfaults Show faults current pathfex Show fex informationfirmware Show firmwarehealth Show health on current pathhistorical-record-policy historic-record-policiesimport-export Import/Exportinterface Show interface status and informationinterface-policies interface-policiesip Display IP informationisis Display IS-IS status and configurationl4-l7 L4-L7 Sevices Detailslldp Show information about lldpmodule Show module informationschedulers schedulersswitch Switch Nodetenant Tenanttrafficmap Show trafficmapversion Show versionvmware VMware vCenter/vShield Controllersvpc Show vpc information
Customizing the show Command
You can customize the show command with a simple YAML (.yml) configuration. For examples, see the .ymlfiles in the /etc/scopedefs directory.
You can define custom show commands by creating a .yml file in your /home/username/scopedefs/ directory.You can ignore specific show scopes by adding them to the /home/username/scopedefs/.ignore.yml file.
Cisco APIC Object Model Command-Line Interface User Guide 41
Command Referenceshow
You can also define custom show commands that execute at that specific scope, as shown in the cmdFormatvalue in the following example:vmware :type: aliashelp: "VMware vCenter/vShield Controllers"name: vmwarelabel: vmwaresub:
- name: controllerslabel: controllerstype: keywordcmdFormat: "find /aci/vm-networking/inventory/VMware/vmm-domains/ -name controllers
-exec echo ';' -exec echo {} ';' -exec cat '{}/summary' ';'"help: "Status of all Controllers"
- name: domainlabel: domaintype: keywordhelp: "Domain"
For more information about YAML (.yml) file formats, see Customizing Commands.Note
Example
The following example shows how to use show to view local users.admin@apic1:~> show aaa local-users# Executing command: cat /aci/admin/aaa/security-management/local-users/summary
local-users:login-id first-name last-name email phone-------- ---------- --------- ----- -----admin
The following excerpt shows the YAML definition for the aaa scope of the show command.- aaa:name: aaahelp: 'aaa'type: aliasdirFormat: ' 'sub:
- name: local-userslabel: local-userstype: keyworddirFormat: '/aci/admin/aaa/security-management/local-users/'fileType: 'summary'help: 'local users'
svcpingTo ping the management interface of a service device, use the svcping command.
This command is supported within the Management Information Tree file system (mit); the command isnot supported within the aci file system.
Note
svcping path
Cisco APIC Object Model Command-Line Interface User Guide42
Command Referencesvcping
Syntax Description The path of the service device (CDev) within the mit file systempath
techsupportTo display troubleshooting information, use the techsupport command.
techsupport all { [status] | [remotename fname ] }
techsupport controllers [status]
techsupport controllers remotename fname
techsupport db svc svcname [delete]
techsupport local
techsupport remote { list | name} [ fname ] {delete | [ {host remoteport protocol username passwordremotepath } ] }
techsupport switch nodeid { [status] | [remotename fname ] }
Syntax Description Displays tech support information for all nodes in the ACI fabricall
Displays faults for fabric controllerscontrollers
Collects a snapshot of database information.db
Removes a tech support filedelete
The name of the remote destinationfname
The remote host namehost
Lists all remote destinationslist
Collects tech support information locallylocal
Specifies a remote destinationname
The target node ID or node name. You can specify a range of node IDsor a list of node names.
node-id
Lists, adds, or deletes remote destinations for tech support informationremote
The name of a remote destinationremotename
The path to the remote destinationremotepath
The remote port numberremoteport
The passport for the remote destinationpassword
The protocol for the remote destinationprotocol
Cisco APIC Object Model Command-Line Interface User Guide 43
Command Referencetechsupport
Status of the tech support outputstatus
Specifies a servicesvc
The service namesvcname
Displays faults for a switchswitch
The username for the remote destinationusername
The techsupport command exports a file containing information about the current state of the ACI fabric ornodes. This information is very helpful to Cisco support and frequently provides the information needed toidentify the source of a problem. The file is exported to the specified remote destination.
Beginning in Cisco APIC Release 1.1, three files are created and exported by this command:
• filename.tar.gz—Contains configuration files, faults, events, debug counters, and other systeminformation.
• filename_db.tar.gz—Contains databases (.db files) collected from the node, one for each shard andreplica.
• filename_logs.tar.gz—Contains all logs collected from the node. For a switch node, the NX-OStechsupport data is included in this file.
Example
The following example shows how to use the techsupport command in releases earlier than Cisco APICRelease 1.1.
admin@apic1:~> techsupport switch 101Triggering techsupport for Switch 101 using policy supNode101Triggered on demand tech support successfully for node 101, will be available at:/data/techsupport on the controller.Use 'status' option with your command to check techsupport status
trafficmapTo display a summary of traffic between two nodes, use the trafficmap command.
controller srcnode source-node-id destnode dest-node-id
Syntax Description Specifies a node namesrcnode
The source node namesource-node-id
Specifies a destination nodedestnode
The destination node namedest-node-id
Cisco APIC Object Model Command-Line Interface User Guide44
Command Referencetrafficmap
Example
The following example shows how to use the trafficmap command:admin@apic1:> trafficmap srcnode 102 destnode 112
troubleshoot eptoep session (IP and MAC)To create an IP troubleshooting session, use the troubleshoot eptoep session <session_name> srcip <src_ip>tenant <src_tenant> app <src_app> epg <src_epg> destip <dest_ip> tenant <dest_tenant> app <dest_app>epg <dest_epg> command.
To create a MAC troubleshooting session, use the troubleshoot eptoep session <session_name> srcmac<src_mac> tenant <src_tenant> app <src_app> epg <src_epg> destmac <dest_mac> tenant <dest_tenant>app <dest_app> epg <dest_epg> command.
Once the session is created, the following configuration options are available:
• atomiccounter start
• atomiccounter stop
• traceroute start
• traceroute stop
• traceroute protocol <prot> dstport <dst_port>
• report [<format>]
• delete
• description <descr>
• latestminutes <num_min>
• starttime <start_time> endtime <end_time>
• monitor destination tenant <tenant_name> application <appln> epg <epg_name> ip_addr <ip_address>srcipprefix <ip_prefix> [(flowid <flow_id>)]
• monitor stop
• scheduler <scheduler-name>
• scheduler delete
Examples
The following example shows how to create the IP troubleshoot eptoep session session:admin@apic1:/> troubleshoot eptoep session <session_name> srcip <src_ip> tenant <src_tenant>app <src_app> epg <src_epg> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg<dest_epg>
The following example shows how to create the MAC troubleshoot eptoep session session:admin@apic1:/> troubleshoot eptoep session <session_name> srcmac <src_mac> tenant <src_tenant>app <src_app> epg <src_epg> destmac <dest_mac> tenant <dest_tenant> app <dest_app> epg<dest_epg>
Cisco APIC Object Model Command-Line Interface User Guide 45
Command Referencetroubleshoot eptoep session (IP and MAC)
troubleshoot epext session EP-to-External-IP andExternal-IP-to-EP
To create an EP to external IP troubleshooting session, use the troubleshoot epext session <session_name>srcip <src_ip> tenant <src_tenant> app <src_app> epg <src_epg> destextip <dest_ip> command.
To create an external IP to EP troubleshooting session, use the troubleshoot epext session <session_name>srcextip <src_ip> destip <dest_ip> tenant <dest_tenant> app <dest_app> epg <dest_epg> command.
Once the session is created, the following configuration options are available:
• atomiccounter start
• atomiccounter stop
• traceroute start
• traceroute stop
• traceroute protocol <prot> dstport <dst_port>
• report [<format>]
• delete
• description <descr>
• latestminutes <num_min>
• starttime <start_time> endtime <end_time>
• monitor destination tenant <tenant_name> application <appln> epg <epg_name> ip_addr <ip_address>srcipprefix <ip_prefix> [(flowid <flow_id>)]
• monitor stop
• scheduler <scheduler-name>
• scheduler delete
Examples
The following example shows how to create the external IP troubleshoot epext session session:admin@apic1:/> troubleshoot epext session <session_name> srcextip <src_ip> destip <dest_ip>tenant <dest_tenant> app <dest_app> epg <dest_epg>
troubleshoot eptoep session <session name>To schedule a troubleshooting session, use the schedule troubleshoot eptoep session <session name>optioncommand.
Syntax Description Configure atomic counter between the source and destinationend-points
atomiccounter
Cisco APIC Object Model Command-Line Interface User Guide46
Command Referencetroubleshoot epext session EP-to-External-IP and External-IP-to-EP
Delete this troubleshoot sessiondelete
Textual description of this troubleshooting sessiondescription
Enter time window in number of minutes from current timelatestminutes
Configure monitor session to span the source and destinationinterfaces
monitor
Generate troubleshooting reportreport
Configure a scheduler for this sessionscheduler
Configure source endpoint IPsrcip
Configure source endpoint MACsrcmac
Time when the problem startedstarttime
Configure traceroute session between two endpointstraceroute
Example
The following example shows how to use the troubleshoot eptoep session <session name> command:admin@apic1:/> troubleshoot eptoep session <session name>report
troubleshoot eptoep session <session name> atomiccounterTo configure a new endpoint (ep) to endpoint atomic counter session, use the troubleshoot eptoep sessionnewSession atomiccounteroption command.
Syntax Description Start atomiccounter sessionstart
Stop atomiccounter sessionstop
Example
The following example shows how to use the troubleshoot eptoep session <session name> atomiccountercommand:admin@apic1:/> troubleshoot eptoep session <session name> atomiccounter start
Cisco APIC Object Model Command-Line Interface User Guide 47
Command Referencetroubleshoot eptoep session <session name> atomiccounter
troubleshoot eptoep session <session name> tracerouteTo configure a new endpoint (ep) to endpoint traceroute session, use the troubleshoot eptoep session<session name> tracerouteoption command.
Syntax Description Configure traceroute protocolprotocol
Start traceroute policystart
Stop traceroute policystop
Example
The following example shows how to use the troubleshoot eptoep session <session name> traceroutecommand:admin@apic1:/> troubleshoot eptoep session <session name> traceroute start
troubleshoot eptoep session <session name> tracerouteprotocol
To configure a new endpoint (ep) to endpoint traceroute protocol session, use the troubleshoot eptoep session<session name> traceroute protocoloption command.
Syntax Description Specify IP protocol (tcp|udp|icmp)<prot>
Example
The following example shows how to use the troubleshoot eptoep session <session name> tracerouteprotocol command:admin@apic1:/> troubleshoot eptoep session <session name> traceroute protocol icmp
troubleshoot eptoep session <session name> tracerouteprotocol tcp dst port
To configure a new endpoint (ep) to endpoint traceroute protocol session, use the troubleshoot eptoep session<session name> traceroute protocol tcpoption command.
Cisco APIC Object Model Command-Line Interface User Guide48
Command Referencetroubleshoot eptoep session <session name> traceroute
Syntax Description Specify destination L4 port to be used by traceroute<dstport>
Example
The following example shows how to use the troubleshoot eptoep session <session name> tracerouteprotocol command:admin@apic1:/> troubleshoot eptoep session <session name> traceroute protocol tcp dstport80
show troubleshoot eptoepTo show an endpoint (ep) to endpoint connection, use the show troubleshoot eptoepoption command.
Syntax Description Show session informationsession
Show all session namessessions
Example
The following example shows how to use the show troubleshoot eptoep command:admin@apic1:/> show troubleshoot eptoep
show troubleshoot eptoep session <session name>To show an endpoint (ep) to endpoint MAC session, use the show troubleshoot eptoep session <sessionname>option command.
Syntax Description Show atomic countersatomiccounter
Show audit informationaudit
Show contract informationcontracts
Show deployment changesdeployments
Show eventsevents
Show faultsfaults
Show monitor statusmonitor
Cisco APIC Object Model Command-Line Interface User Guide 49
Command Referenceshow troubleshoot eptoep
Show reportsreports
Show statisticsstatistics
Show topologytopology
Show traceroute resultstraceroute
Example
The following example shows how to use the show troubleshoot eptoep session <session name> command:admin@apic1:/> show troubleshoot eptoep session <session name>
versionTo display the current software version of a node, use the version command.
If you do not specify a node, the command displays the current software version of all configured nodes.Note
version {controller | switch} [node-id ]
Syntax Description Displays the version for a controllercontroller
Displays the version for a switchswitch
The target node ID or node name. You can specify a range of node IDsor a list of node names.
node-id
Example
The following examples show how to use the version command:admin@apic1:~> version switch 101node type node id node name version--------- ------- --------- ----------------leaf 101 leaf1 simsw-1.0(0.450)
admin@apic1:~> versionnode type node id node name version---------- ------- --------- ----------------controller 1 apic1 1.0(0.450)controller 2 apic2 1.0(0.450)controller 3 apic3 1.0(0.450)leaf 101 leaf1 simsw-1.0(0.450)leaf 102 leaf2 simsw-1.0(0.450)leaf 103 leaf3 simsw-1.0(0.450)spine 104 spine1 simsw-1.0(0.450)spine 105 spine2 simsw-1.0(0.450)
Cisco APIC Object Model Command-Line Interface User Guide50
Command Referenceversion
whereTo display the management information tree (MIT) directory path for a scope, use the where command.
where scope-name
Syntax Description The scope name, such as aaa or access-policies.scope-name
Example
The following examples show how to use the where command:admin@apic1:~> where aaa local-users admin/aci/admin/aaa/security-management/local-users/admin
Cisco APIC Object Model Command-Line Interface User Guide 51
Command Referencewhere
Cisco APIC Object Model Command-Line Interface User Guide52
Command Referencewhere
I N D E X
A
aci file system 5attach Command 20auditlog Command 21
B
Bash 3Bash Shell 3
GNU Bash Shell 3Bash shell 3
C
command help 4command history 4command modes 4
description 4Command Reference, CLI 7, 19controller Command 22
D
Data Management Engine 2debug file system 5
E
eraseconfig command 24eventlog Command 24, 45, 46, 47, 48, 49
F
faults Command 25file system 2
H
health Command 28home directory 6
L
loglevel Command 29
M
man Command 30MAN pages 4managed object 2
description 2managed objects (MOs) 2Management Information Tree 2Management Information Tree (MIT) 2mit file system 5mobrowser Command 30moconfig Command 31mocreate Command 32mofind Command 33moprint 33moprint Command 33moquery Command 35moset Command 36mostats Command 37mount points 5
P
Python API 2
S
scope Command 40
Cisco APIC Object Model Command-Line Interface User Guide IN-1
Shell Scripts 2show Command 41
T
trafficmap Command 44
V
version Command 50
W
where Command 51
Cisco APIC Object Model Command-Line Interface User GuideIN-2
Index